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(54) Title: MULTIPLE CRYPTOGRAPHIC KEY DISTRIBUTION 
(57) Abstract 



A method for generating data encryp- 
tion keys providing an increased level of 
security and versatility is provided for use 
with data communications between a server 
and a client. According to this method, a 
Master Key (MK) is stored in a secured 
area that is inaccessible to external systems. 
Also stored in this secured area are several 
Series Numbers (SN). Based on one of sev- 
eral offered mechanisms, an SN is selected. 
The selected SN is then encrypted by a con- 
ventional data encryption algorithm, such 
as Data Encryption Standard (DES)» using 
the MK. Through use of the MK, the SN 
is encrypted by die algorithm to generate a 
Derived Key (DK). The DK is then used in 
a second conventional data encryption al- 
gorithm. This second algorithm is used to 
encrypt data that is to be exchanged with 
an external system, or used to authenticate 
access. It may also be used to generate an 
electronic signature. 
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Multiple Cryptographic Key Distribution 



Background of the Invention 

Field of the Invention 

The present invention relates generally to computer communications, and 
more specifically to a means for generating data encryption keys to provide an 
increased level of data security for communications between a server ( such as a 
computer system) and a client (such as a smart card). 

Related Art 

The increased use of computer systems to transmit and receive sensitive 
data has elevated concerns about data security. For example, recent 
advancements in computer technology have provided consumer industries with 
what are commonly known as smartcards. A smartcard resembles a plastic credit 
card in size, shape, and construction. However, smartcards are essentially 
computers manufactured on plastic cards. They generally comprise a 
microprocessor, primary memory, and secondary memory for data storage. 
Additionally, smartcards have input and output means for exchanging data with 
external systems. Smartcards store and process application specific data. 
Commonly, the application specific data is user-specific and pertains to personal 
and/or business accounts of the smartcard owner. 

An example of an application of smartcard technology may be found in the 
banking industry. For example, smartcards may be used to replace common 
Automated Teller Machine (ATM) cards. Conventional ATM cards merely store 
data generally used to identify and authenticate users to the ATMs. ATMs 
typically communicate with central computer systems in order to process requests 
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by ATM customers. Often, communication line service outages prevent ATMs 
from processing customer requests. 

Smartcards on the other hand, with their built-in active computer circuitry 
can provide much greater functionality than conventional ATM cards. Smartcards 
5 can process data independently of the ATM and the remote computer system. For 

example, a smartcard that contains current account information such as balance 
and credit data, may eliminate the need for remote communications between the 
ATM and the central computer system, thereby decreasing ATM down-time. 
Moreover, smartcards can manage several different accounts at once, and enable 
10 transfers and the like between such accounts. For example, people can use their 

smartcard to pay their credit card bill by issuing a command to transfer funds from 
their checking account to then* credit card account. All information necessary for. 
the transfer is contained within the smartcard itself Another advantage of 
smartcards is that they can communicate with several external systems, such as 
15 ATM machines, pay phones, and personal computer systems. 

Smartcard technology can also be used with telecommunication 
technology such as wireless telephone communications over cellular networks and 
other personal communications services (PCS). For example, a smartcard can 
maintain user account information pertaining to a telecommunication service 
20 provider and user specific features. The smartcard, when placed into a slot on a 

wireless phone, will instruct the phone to send the user's identification and 
authentication data to the originating switch on the service provider's telephone 
network In this way, the telephone network will automatically authenticate the 
user and access the user's account to provide user-specific and/or system specific 

25 features. 

* A significant consideration in the development and use of smartcard 
technology is data security. If a smartcard is to be used to access sensitive data 
regarding a user, certain measures of security are required to protectee user 
against unauthorized access. Likewise, if sensitive data is to be exchanged 
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between the smartcard and external systems, data encryption should be 
implemented. 

Smartcards in use today often use data encryption algorithms and 
encryption/decryption keys. The encryption/decryption keys are commonly muhi- 
bit combinations that enable data encryption algorithms to encrypt data in a 
predictable manner. The encryption/decryption key is embedded within the 
permanent memory of the smartcard, and is not accessible by people. Such keys 
and data encryption methods are used to authenticate the use of the card and to 
interface with the applications that reside within the external computer systems. 
Data encryption provides for secure access to user accounts, secure data exchange 
between the cards and the external systems, and electronic signatures that uniquely 
and securely identify users to originate smartcard transactions. 

If such keys are compromised, the measure of security provided by the key 
is broken. A key is compromised when it becomes known to an unauthorized 
user, such as a hacker. A hacker can break the code of a key, for example, with 
the use of a computer program that rapidly generates numerical combinations and 
tries each one as a key to gain access to the secured application. Eventually, the 
right combination is found and the key is broken. 

If a smartcard's key is compromised, great expenses are incurred. First, the 
smartcard must be replaced, since the key is usually hard-coded (permanently 
coded) into its memory. Even if the key is not hard-coded, the smartcard must 
still be re-programmed and a new key must be downloaded into its permanent 
memory storage device. Second, all external systems that communicate with the 
card must be re-programmed with the card's new key. The cost of such 
reprograrnrning and replacement can be very significant. 



Summary of the Invention 



A system and method for generating data encryption keys that provide an 
increased level of security and versatility are provided. The invention is 
particularly adapted for use with smartcard technology, but is also applicable to 
other uses, as win be apparent to persons skilled in the art. The present invention 
stores a Master Key (MK) in a secured area of permanent memory of a device 
(such as a smartcard), that is inaccessible by humans and systems external to the 
device. Also stored in this secured area of permanent memory and inaccessible 
by external systems are several Series Numbers (SN) Based on one of several 
offered mechanisms, one SN is selected. The selected SN is then encrypted by a 
conventional data encryption algorithm using the MK to generate a Derived Key 
(DK). The DK is then used in a second conventional data encryption algorithm. 
This second algorithm is used to encrypt data that is to be exchanged with an 
external system, or used to authenticate access. It may also be used to generate 
an electronic signature. 

By using a Derived Key (DK) as an encryption key in a second data 
encryption algorithm, an additional level of security and versatility are provided. 
If the DK is compromised, a new DK is generated and the compromised DK is 
discarded. This occurs through the use of multiple SN's and by altering the 
mechanism that selects the SNs. The compromised DKs are discarded by 
software changes only. This eliminates the need for replacing cards and 
reprogramming external systems with new encryption keys, whenever a key is 
compromised. 

An additional aspect of the present invention relates to its use with 
conventional Personal Identification Numbers (PIN). The smartcard may be 
programmed such that the mechanism that selects the SN is the entry of a PIN. 
Different PIN's will cause the selection of different SNs. If a DK is compromised, 



the user need only enter another PIN. Only the right combination of DK and PIN 
will cause the external system to authenticate the smartcard. 

The smartcard may also be programmed such that multiple sets of Series 
Numbers (SN) are encoded. This is especially relevant for smartcards that contain 
multiple applications, such as several credit card accounts. Each set of SN*s apply 
to an individual application or account. A certain PIN will select a corresponding 
set of SN's that relate to a certain application. Once the appropriate set of SN's 
is selected, then an individual SN is selected for encryption based on a pre- 
determined mechanism. 

Further features and advantages of the invention, as well as the structure 
and operation of various embodiments of the invention, are described in detail 
below with reference to the accompanying drawings. In the drawings, like 
reference numbers generally indicate identical, functionally similar, and/or 
structurally similar elements. The drawing in which an element first appears is 
indicated by the digits) to the left of the two rightmost digits in the corresponding 
reference number. 

Brief Description of the Figures 

The present invention will be described with reference to the 
accompanying drawings, wherein: 

Figure 1 is a block diagram illustrating the architecture of a client such as 
a smartcard according to the present invention; 

Figure 2 is a process flowchart illustrating the general operation of the 
present invention when used to authenticate client access to a server; 
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Figure 3 is a process flowchart illustrating the general operation of the 
present invention when used to encrypt and decrypt data; 

Figure 4 is a process flowchart illustrating the general operation of the 
present invention, with the additional aspect of utilizing PIN codes; and 

5 Figure 5 is a block diagram depicting the architecture of a server that 

communicates with clients according to the present invention. 

Detailed Description of the Preferred Embodiments 

Referring to Figure 1, a block diagram of the architecture of a smartcard 
10 102 (also referred to herein as "client"), utilizing the present invention is shown. 

While the invention is described for convenience in the context of a smartcard, it 
will be appreciated that the invention applies to all applications that use 
cryptographic keys that are subject to being compromised. To aid simplicity of 
illustration, components of the smartcard that are not relevant to the invention are 
- " 15 not shown. Contained within the smartcard 102 is a secured area of permanent 

memory 104 that is inaccessible to external systems. A Master Key (MK) 106, 
and a plurality of Series Numbers (SNs) 108-1 through 108-n, are stored within 
the secured area 104. The plurality of Series Numbers are each multiple bit 
combinations that are permanently programmed into the smartcard 102. 
20 External to the secured area of permanent memory 104 is a program that 

includes a conventional data encryption algorithm (DEA1) 110. This program 
(DEA1) executes in the smartcard 102. DEA1 1 10 may be any of several well 
known standard algorithms used for encrypting data. Details and implementation 
of such algorithms would be apparent to persons skilled in the relevant art(s). The 
25 DEA1 1 10 receives an input and generates an output. The inputs to DEA1 1 10 
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are a selected series number (SSN) 116 and the MK 106. The output ofDEAl 
110 is a Derived Key (DK) 112. 

The selected series number 1 16 is selected from the plurality of series 
numbers 108-1 through 108-n A selection algorithm 1 14 that is executed by the 
5 smartcard 102 is used to select the SSN 116. A unique DK 112 is generated by 

DEA1 1 10 for each unique selected series number 116, in combination with the 
MK106. Thus, the generation of a Derived Key, DK, is a DEA1 function of the 
MK and the SSN, such that DK = DEA1(MK, SSN). 

Figure 5 is a block diagram depicting the architecture of a server 502 that 
10 communicates with clients such as the smartcard 102, according to the present 

invention. A secured data storage area 504 is used to store a plurality of client 
information blocks 506-1 through 506-n. Each client information block 506 
comprises specific information pertaining to each client 102 that is pre-authorized 
to communicate and conduct transactions with the server 502. 
15 Each client information block (506-1 through 506-n) includes a plurality 

of series numbers (such as 1SN ... ISNn shown in client information block 506- 
1), and a master key (such as 1MK shown in client information block 506-1). 
Each client information block stored within the server contains identical data as 
is stored in the corresponding client's permanent memory area 104. For example, 
20 suppose that client information block 506-1, stored within the server 502, 

corresponds to the client smartcard 102, as shown in Figure 1 In that case, the 
master key 1MK, shown in client information block 506-1 is the same as the MK 
106. Likewise the series numbers, 1SN1 ... ISNn shown in client information 
block 506-1, are the same as the series numbers 108-1 through 108-n, stored 
25 within the smartcard 102. 

External to the secured data storage area 504 is a program that includes 
a conventional data encryption algorithm (DEA1) 1 10. This program (DEA1) 
executes in the server 502. DEA1 110 may be any of several well known standard 
algorithms used for encrypting data. Details and implementation of such 



algorithms would be apparent to persons skilled in the relevant art(s). The DEA1 
110 receives an input and generates an output. The inputs to DEA1 1 10 are a 
selected series number (SSN) 1 16 and master key such as 1MK shown in 506-1 . 
The output of DEA1 1 10 is a Derived Key (DK) 1 12. 

The selected series number 1 16 is selected from the plurality of series 
numbers (1SN1 through ISNn or example). A selection algorithm 114 that 
executes in the server 502 is used to select the SSN 1 16. The unique DK 1 12 
that is generated by DEA1 1 10, is dependent upon the inputs to the DEA1 1 10, 
namely the selected series number 1 16 and the master key such as 1MK shown in 
506-1. 

As shown by the use of common reference numbers, the selection 
algorithms 114 that are executed within the server 502 and the client 102 are 
functionally equivalent. Therefore both the client 102 and the server 502 will 
generate the same selected series number, if the same plurality of series numbers 
are used as inputs to both systems. likewise, the data encryption algorithms 
1 10 that are executed within the server 502 and the client 102 are functionally 
equivalent. Therefore both the client 102 and the server 502 will generate the 
same derived key 1 12, if the same inputs (namely the selected series number and 
the master key) are used by both systems. 

Note that at least one series number is selected to implement the additional 
level of data security according to the present invention. Many different methods 
and/or different algorithms can be used to select a particular series number from 
the plurality of series numbers according to the present invention. One method is 
to use the same selection algorithm 1 14 in both the server 502 and the client 102. 
In this case, the same SN is selected in both the server 502 and the client 102, 
since they both use the same algorithm. Alternatively, only one system, either the 
server 502 or the client 102 uses the selection algorithm. In this case, the output 
from the selection algorithm is passed to the other system, so that both systems 
generate common DKs. Several such examples of selection methods are discussed 
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below in order to demonstrate preferred ways to implement the present invention. 
In addition to the examples below, many other variations are possible and as such, 
these examples should not be construed to limit the scope of the present invention. 

One method which may be used to select a SN 1 06 from the plurality of 
SNs is by using an algorithm 114 programmed within the smartcard 102 that 
generates a random number. The random number is used as an index to select a 
particular SN 1 16. The SSN 1 16 is subsequently passed to the server 502 in an 
initialization transaction. The server 502 uses the SSN 116 received from the 
smartcard 102, along with the MK associated with the smartcard, (1MK shown 
in client information block 506-1, for example), to generate the same DK 112. 
The smartcard 102 acts in a similar manner. Accordingly, the transaction is 
validated. 

A variation on the above method is to have the server 502 generate the 
SSN 1 16 to be used by both the server 502 and the smartcard 102. The same or 
similar random number generating algorithm 114 as described above resides in the 
server 502. The selection algorithm 1 14 is used by the server 502 to select a SN 
from the plurality of SNs (ISNl-lSNn, for example) contained in the information 
506- 1 block corresponding to the smartcard 102, thereby generating a SSN 116. 
The SSN 1 16 is used by the server 502, along with the MK associated with the 
smartcard 102 (1MK shown in client information block 506-1, for example), to 
generate a DK 112 for the current transaction. The SSN 1 16 is passed to the 
smartcard 102, where along with its internal MK 106, generates the same DK 1 12 
via the DEA1 1 10 in the smartcard 102, thus validating the transaction. 

Another example is to have the same selection algorithm 1 14 execute in 
both the client 102 and the server 502. The common algorithm 1 14 generates an 
index based on a non-random figure, such as date or the time. The index is then 
used by both the client 102 and the server 502 simultaneously to select a SSN 
11 6, and generate a DK 112 for the session, as previously discussed herein. 
Alternatively, this non-random type algorithm rn^y be programmed within only 
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one of the systems and the SSN is passed to the other system, as described above, 
for example, in ah initialization transaction. 

A secret code that is assigned to a smartcard holder, commonly referred 
to as a Personal Identification Number (PIN), can be used to select a particular 
5 SN. Such a number for example, can be used as an index to select a SN, or can 

be used as input to any number of different algorithms which are used to generate 
an index for the SN selection. 

As can be seen, many different methods for SN selection are available and 
will work as long as the same procedure is used in both the smartcard 102 and the 

10 server 502, or the actual SN 1 16 is passed from one system to the other. In this 

way, the SSN 1 10 that is used by the smartcard 102, as input to its DEAI 110, 
is identical to the SSN 1 10 used by the server 502, as input to the server's DEAI 
1 10, so that identical DKs 1 12 are generated by both systems. 

Referring now to Figure 2, a process flowchart illustrates the general 

15 operation of the present invention when used to authenticate client access to a 

server. In this example, the client may be a smartcard and the server may be a 
bank's ATM The process begins in step 202, where the client requests access to 

^ the server. In step 204, the server passes token 205 to the client. The token 205 

is subsequently used as input during a data encryption step 212a performed by 

20 the server and a data encryption step 2 12b performed by the client. Token 205 is 

simply a number that will be used by both the server and the client during data 
encryption step 212a and 212b, and must be the same for both to authenticate 
access. The passing of the token in step 204 does not necessarily have to occur 
at this point in the process but should occur prior to steps 212a and 212b. ■ - ■ 

25 The processes continues within both the client and the server whereby each 

system generates a derived key. Such processes occur in parallel within the client 
and the server. Steps 206a through 212a depict the process steps taken by the 
server and steps 206b through 212b depict the process steps taken by the client. 
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The server process begins with step 206a. In step 208a, the mechanism 
that selects the SSN 1 16 is executed. As previously discussed, this mechanism 
is typically an algorithm such as selection algorithm 1 14 that generates an index 
number n, which is used to specify the SN to be used for the current transaction. 
Other methods to select a SN could alternatively be used. The SSN 1 16 is made 
known to the client, by either passing the SSN 1 16 to the client, or by running the 
same or similar algorithm in the client as previously discussed herein, such that the 
client generated SSN 116 is the same as the server generated SSN 116. The 
method used by the client and the server is defined before the processing of the 
flowchart of Figure 2. Such definition may be achieved via an initialization 
transaction between the server and the client. 

The SSN 116 is used as input to step 210a, which is the first Data 
Encryption Algorithm (DEA1), as previously described. A second input to DEA1 
210a is the MK 106, which is common to and stored in both the client and server, 
as previously discussed. In step 210a, DEA1 uses the SSN 1 16 and the MK 106 
to generate the derived key (DK) 1 12 to be used in the current transaction. A 
similar process for generating the same DK 1 12 executes in the client in steps 
206b through 210b. 

In both the client and the server, the derived key 1 1 2 is used in a second 
Data Encryption Algorithm (DEA2) in steps 212a and 212b to encrypt the token 
205 . DEA2 may or may not be the same encryption algorithm used in DEA1 . 
As noted above, DEA1 and DEA2 are any well known encryption algorithm. The 
token 205 is a common number to both the client and server. Therefore, identical 
results (214a and 214b) are obtained from the server's DEA2 212a and the 
client's DEA2 212b. 

The client result 214b is passed to the server in step 216. The server 
receives the client result 2 14b in step 218. In step 220, the server compares the 
client result 214b with the server result 214a. If the client result 214b matches 
the server result 214a, then the server allows access, as indicated by step 222. If 
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the client result 214b does not match the server result 214a, then the server does 
not allow access, as indicated in step 224. 

Referring to Figure 3, a process flowchart illustrates another embodiment 
of the present invention. In this example, the client may be a smartcard which 
needs to pass a confidential number Nl 304 to a server, which may be an external 
computer system. In this example, the exchange of Nl 304 must be kept secure. 
Therefore, Nl is encrypted using a Derived Key (DK) 1 12, as is characteristic of 
the present invention. The transaction of exchanging the confidential number Nl 
304 begins with step 302. 

Steps 206a through 210a and steps 206b through 210b are the same 
process steps as shown in Figure 2, used to produce the derived key 1 12 in the 
server and client respectively Note that the token passing step 204 is not used in 
the process depicted by Figure 3; 

The DK 1 12 that is generated by the client process in step 210b is used as 
a key for a second Data Encryption Algorithm (DEA2) in step 306. DEA2 
accepts the number Nl 304 as a first input and the DK 112 as a second input. 
The output of DEA2 is an encrypted number EN1 308, which is passed to the 
server in step 310. 

In step 3 12, a decryption algorithm, which is the reverse of DEA2, is used 
to regenerate the confidential number Nl. In step 312, the server uses an 
independently derived DK 112 as a first input and the received EN1 308 as a 
second input. Using this method, Nl 304 is exchanged between the client 
(smartcard) and the server (external computer system) in an encrypted manner so 
as to maintain security. 

Furthermore, the specific encryption of Nl 304 results from the use of a 
common Derived Key 112, which is independently generated by both the client 
and server. As with* all of the methods described herein, if the DK 112 is 
compromised, a new DK can be generated by both the client and server by 
selecting a new SN. A new SN may be selected by using a different selection 
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algorithm, or by using the same selection algorithm with different inputs. 
Accordingly, the present invention effectively removes the compromised DK from 
use. Many methods may be used to implement the modification of the selection 
algorithms used by the client and/or the server. For example, both the client and 

5 the server may be manually reconfigured, or may be automatically reconfigured 

via a transaction between the client and the server. Other implementations will be 
apparent to persons skilled in the relevant art(s). 

An additional aspect of the present invention will now be described with 
reference to the use of Personal Identification Numbers (PINs). PINs are 

10 commonly, but not necessarily, four digits in length. The smartcard 102 may be 

used for several different applications. For example, a single smartcard 102 may 
contain numerous credit card accounts. It may also contain multiple sets of SN's, 
where each individual set corresponds to a different application and /or server. An 
individual set of SNs is selected within the smartcard. A particular set of SN's is 

IS selected by the smartcard, as the result of a user entering a particular PIN into the 

server. Once a particular set of SNs is selected, the same process as previously 
described above is used within the smartcard and the server to conduct secure 
transactions. In addition to providing a means of security, this method also 
provides a means for automatically selecting an application on a multi-application 

20 smartcard. 

Referring now to Figure 4, this operation of an additional embodiment is 
illustrated. After the transaction begins in step 302, the server process begins as 
step 206a indicates. A user inputs a particular PIN into the server, as indicated by 
step 402. The PIN 404 is passed to the client to be used as input to a series 

25 number set selection process within the client. In step 406 a particular set of SN's 

that corresponds to the particular application, such as an ATM bank account, is 
selected, in the client, based on the PIN 404. The set of SNs may be similarly 
selected in the server, as indicated by step 403. The process from this point on, 
continues in the same manner as previously described, beginning with the SN 
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selection steps by both the client and the server as depicted by steps 208b and 
208a respectively. Either steps 290 from Figure 2 or steps 390 from Figure 3 may 
be performed, as indicated by step 490. 

While various embodiments of the present invention have been described 
5 above, it should be understood that they have been presented by way of example 

only, and not limitation. Thus, the breadth and scope of the present invention 
should not be limited by any of the above-described exemplary embodiments,- but 
should be defined only in accordance with the following claims and their 
equivalents. 
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What Is Claimed Is: 

1 1 A system for secured data communication between a client and a server 

2 comprising: 

3 a client comprising: 

4 a secure memory suitable for storing data that is inaccessible 

5 outside of said client; 

6 a master key stored within the secure memory; 

7 a plurality of series numbers stored within the secure memory; and 

8 a first encryption device coupled to said master key and said series 

9 numbers, to generate a first derived key from one of said series numbers, 
10 and said master key; 

IX a server in communication with said client, comprising: 

\2 a server memory device; 

\ 3 a plurality of master keys stored in the server memory device, each 

14 master key associated with a particular client that is pre-authorized to 

1 5 communicate and conduct transactions with the server, 

1 6 a plurality of sets of series numbers stored in the server memory 

17 device, each set associated with a particular client that is pre-authorized 

"^18 to communicate and conduct transactions with the server; 

19 a second encryption device, functionally equivalent to said first 

20 encryption device, to generate a second derived key from a series number 

2 1 from one of said sets of series numbers in said server memory device that 

22 corresponds to said client, and one of said master keys in said server 

23 memory device that corresponds to said client, said first and second 

24 derived keys being identical. 
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2. The system of claim 1, wherein the client further comprises a 
selecting means for selecting a particular series number from said plurality 
of series numbers. 

3. The system of claim 2, wherein the server further comprises a 
second selecting means for selecting a particular series number from said 
set of series numbers that corresponds to said client. 

4. The system of claim 3, whereby said second selecting means is 
functionally equivalent to said first selecting means so that the same 
particular series number is selected by both said first and second selecting 
means. 

5. The system of claim 2 wherein said selected series number is 
communicated to the server so that the server may use the same series 
number as the client. 

6. The system of claim 3 wherein said selected series number is 
communicated to the client so that the client may use the same series 
number as the server. 

7. The system of claim 2 wherein said first selecting means comprises: 
means for accepting a personal identification number from a user; 

/ means for selecting a set of series numbers from said plurality of 
series numbers based on said personal identification number; and 

means for selecting a particular series number from said set of 
series numbers. 
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8 The system of claim 1 , wherein said first and second derived keys 
are used in subsequent encryption processes as encryption keys. 

9. A method for secured data communication between a client and a 
server, said client comprising a first encryption device, and a secure 
memory suitable for storing data that is inaccessible outside of said client, 
said server comprising a second encryption device and a memory device, 



5 said method comprising the steps of: 

6 (1) storing, within the secure memory of the client, a master 

7 key; 

8 (2) storing, within the secure memory of the client, a plurality 

9 of series numbers; and 

10 (3) using said master key and said plurality of series of 

U numbers by the client to validate and conduct transactions with said 

12 server. 

1 10. The method of claim 9, wherein step (3) comprises the steps of: 

2 (a) selecting, by the client, a particular series number from the 
-i 3 plurality of series numbers; 

4 (b) generating, by the client, a derived key using said master 

5 key and said selected number. 

1 11. The method of claim 10, further comprising the steps of: 

2 (4) storing, within the memory device of the server, a plurality 

3 of master keys, each master key associated with a client that is pre- 

4 authorized to communicate and conduct transactions with said server; 

5 (5) storing, within the memory device of the server, a plurality 

6 of sets of series numbers, each set associated with a client that is pre- 

7 authorized to communicate and conduct transactions with said server; 
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(6) selecting, by the server, a particular master key from said 
plurality of master keys, said particular master key being associated with 
said client; and 

(7) selecting, by the server, a particular set of series numbers 
from said plurality of sets of series numbers, said particular set of series 
numbers being associated with said client. 

12. The method of claim 1 1, further comprising the steps of: 

(8) selecting, by the server, a particular series number from 
said particular set of series numbers; 

(9) generating, by the server, a derived key identical to said 
derived key generated in step (3)(b), by using said particular master key 
and said selected series number. 

1 3 . The method of claim 1 2, wherein the selection method of step (8) 
is functionally identical to the selection method of step (3Xa), so that both 
the client and the server selects the same said particular series number. 

14. The method of claim 10, wherein the client sends the selected 
series number to the server so that the server may use the same selected 
series number as the client. 

15. The method of claim 9, wherein step (3) comprises the steps of: 

(a) accepting a personal identification number from a user; 

(b) selecting a set of series numbers from said plurality of 
series numbers based on said personal identification number; 

(c) selecting a particular series number from said set of series 
numbers; and 
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(d) generating, by the client, a derived key using said master 
key and said selected series numbers. 
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